Security Analysis of OpenStack Keystone

Abstract – OpenStack is one of the most widely used cloud management software platforms today. It is a free and open-source software platform for cloud computing, mostly deployed as infrastructure-as-a-service (IaaS). We have selected OpenStack as one of the underlying infrastructure service layer tools because it allows us to modify our cloud to fit the custom infrastructures that may be necessary for scientific research. Keystone is the key component of OpenStack responsible for authentication and authorization. Given the distributed nature of OpenStack services, Keystone plays a major role in binding all of the projects together. Not only do we have to be wary of the services that connect to Keystone, but we also have to be cautious about the kinds of input and data we give to Keystone from external sources. The identity and token repository for OpenStack needs to be the most protected component within the cloud infrastructure. As the threat surface in the cloud changes constantly, security is one of the biggest concerns for any cloud solution. Deploying an open-source cloud raises additional challenges, since intruders have access to the cloud source code and can assess its vulnerabilities. In this paper, we systematically analyze the security aspects of OpenStack Keystone and explore the threat model against, and the security requirements of, OpenStack Keystone. We then propose a new authentication model using the RESTful API to satisfy the security needs of OpenStack Keystone. The proposed authentication model can accommodate a diverse set of security services.

Index Terms – Authentication, Cloud Computing, Keystone, OpenStack, Security, Vulnerabilities.

I. INTRODUCTION

Cloud computing is being widely deployed and is changing the landscape of how Information Technology (IT) will serve the needs of government, enterprises, society and home users. Organizations around the world are choosing cloud technologies for an optimal mix of reliability, flexibility and value. There are many cloud service providers (CSPs) offering various cloud solutions, such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, IBM Cloud, Rackspace, VMware's vCloud, Red Hat, Oracle Cloud, Verizon Cloud, Navisite, Salesforce's Sales Cloud and many others [1].